DETAILED ACTION

1. This action is responding to application papers filed 12-12-2003.

2. Claims 1 - 34 are pending. Claims 1, 13, 23 are independent. 

Claim Rejections - 35 USC § 102

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102(e) that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2)
of such treaty in the English language. 

4. Claims 1 - 6, 9 - 18, 21 - 28, 31 - 34 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Williams et al. (US PGPUB No. 20030005118). 

Regarding Claims 1, 23, Williams discloses a method, computer program product of 
secure session management for a web farm, the web farm including a first server and a 
second server, the second server having a requested web page, the method comprising 
the steps of: 

a) receiving, at the first server, a request for the requested web page from a 
browser, said request including an encrypted session token; (see Williams 
paragraph [0019], lines 1-5: request processing; paragraph [0016], lines 1-4:
session token; paragraph [0050], lines 10-16; paragraph [0051], lines 14-16:
encryption utilized for security) 

b) decrypting said encrypted session token at the first server to obtain a session 
token; (see Williams paragraph [0020], lines 8-11: validate (decryption is
required to process encrypted information) session information, process
encrypted session information) 

c) redirecting said request to the second server, including transmitting said session 
token to the second server; (see Williams paragraph [0067], lines 12-18: 
redirection of session token and session information) and 

d) verifying said session token. (see Williams paragraph [0020], lines 8-11;
paragraph [0074], lines 7-11: validate session token information, client and
session identification information) 

Regarding Claims 2, 24, Williams discloses the method, computer program product 
claimed in claims 1, 23, further including steps of creating a new session token,
encrypting said new session token at the second server to produce a new encrypted 
session token, and transmitting a response to said browser from the second server, 
wherein said response includes said new encrypted session token. (see Williams
paragraph [0016], lines 7-13; paragraph [0016], lines 4-7: generate new encrypted 
session token and transfer) 



Regarding Claims 3, 5, 15, 17, 25, 27, Williams discloses the method, system, 
computer program product claimed in claims 2, 13, 14, 23, 24, wherein said session
token includes a session ID and a timestamp, and wherein said step of creating a new 
session token includes generating a new session ID and updating said timestamp. (see 
Williams paragraph [0062], lines 9-16; paragraph [0050], lines 1-5: session token, 
session ID and timestamp) 

Regarding Claims 4, 16, 26, Williams discloses the method, system, computer 
program product claimed in claims 2, 14, 24, further including a step of updating a 
common session database by replacing said session token with said new session token 
in said common session database. (see Williams paragraph [0069], lines 9-15:
database for session token information storage) 

Regarding Claims 6, 18, 28, Williams discloses the method, system, computer 
program product claimed in claims 5, 17, 27, wherein a common session database 
contains a stored session ID and a stored timestamp, and wherein said step of verifying 
includes comparing said session ID and said timestamp with said stored session ID and 
said stored timestamp. (see Williams paragraph [0069], lines 9-15: database for session 
token information storage; paragraph [0062], lines 9-16; paragraph [0050], lines 1-5: 
session token, session ID and timestamp; paragraph [0020], lines 8-11: verification 
session information) 

Regarding Claims 9, 21, 31, Williams discloses the method, system, computer 
program product claimed in claims 1, 13, 23, wherein said step of transmitting includes
incorporating said session token into a URL. (see Williams paragraph [0044], lines 8-12: 
URL processing techniques utilized) 

Regarding Claims 10, 32, Williams discloses the method, computer program product 
claimed in claims 1, 23, wherein a session management web service performs said step 
of verifying, said session management web service being accessible to said first server 
and said second server, and wherein said step of verifying includes comparing said 
session token with stored session data. (see Williams paragraph [0020], lines 8-11:
session information verification) 

Regarding Claims 11, 33, Williams discloses the method, computer program product 
claimed in claims 10, 32, wherein the web farm further includes a common session 
database containing said stored session data. (see Williams paragraph [0013], lines 5-9;
paragraph [0036], lines 3-4: web farms, set of interconnected web servers)

Regarding Claims 12, 22, 34, Williams discloses the method, system, computer 
program product claimed in claims 1, 13, 23, wherein said requested web page includes
a web resource selected from the group including an applet, an HTML page, a Java 
server page, and an Active server page. (see Williams paragraph [0044], lines 3-8;
paragraph [0042], lines 8-15: protected resource, a HTML web page) 

Regarding Claim 13, Williams discloses a system for secure session management, the
system being coupled to a network and receiving a request for a requested web page 
from a browser via the network, the request including an encrypted session token, the 
system comprising: 

a) a first server including a first request handler for receiving the request and 
decrypting the encrypted session token to produce a session token; (see 
Williams paragraph [0013], lines 5-9; paragraph [0050], lines 10-16: multiple 
servers, encrypted; paragraph [0020], lines 8-11: validate (i.e. must decrypt in 
order to process) session information) 

b) a second server including the requested web page; (see Williams paragraph 
[0013], lines 5-9: multiple servers; paragraph [0044], lines 3-8; paragraph [0042], 
lines 8-15: resource requested, a HTML web page) 

c) a common session database including stored session data; (see Williams 
paragraph [0069], lines 9-15: database for session token information storage) 
and 

d) a session management web service, accessible to said first server and said 
second server and including a validation component for comparing said session 
token with said stored session data; (see Williams paragraph [0020], lines 8-11:
session verification information) 

e) wherein said first request handler redirects the request to said second server and 
transmits the session token to said second server. (see Williams paragraph
[0067], lines 12-18: redirection capabilities) 

Regarding Claim 14, Williams discloses the system claimed in claim 13, wherein said
session management web service includes a token generator for creating a new 
session token for said second server, and wherein said second server includes a 
second request handler, said second request handler encrypting said new session 
token to produce a new encrypted session token and transmitting a response to said 
browser, wherein said response includes said new encrypted session token. (see
Williams paragraph [0016], lines 7-10; paragraph [0016], lines 4-7: new session token
generated, and transferred; paragraph [0050], lines 10-16; paragraph [0051], lines 14-16:
encrypted session token information)

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 7, 8, 19, 20, 29, 30 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Williams in view of Bachman et al. (US Patent No. 5,907,621). 

Regarding Claims 7, 19, 29, Williams discloses the method, system, computer
program product claimed in claims 5, 17, 27. (see Williams paragraph [0050], lines 1-5:
time parameter usage and processing) Williams does not specifically disclose a time 
out processing capability. However, Bachman discloses wherein including a step of 
determining whether a session has timed out, said step of determining including 
determining an elapsed time between said timestamp and a current server time, and 
comparing said elapsed time with a predetermined maximum time to determine whether 
said session has timed out. (see Bachman col. 1, lines 65-67: session management; 
col. 4, lines 11-17; col. 6, lines 10-19: process time out condition) 

It would have been obvious to one of ordinary skill in the art to modify Williams as 
taught by Bachman to enable the capability to process a time period expiration 
condition. One of ordinary skill in the art would have been motivated to employ the 
teachings of Bachman in order to enable the capability to create a secure 
communications session between server and client systems and avoid distracting the 
client with the placement of token information within the page. (see Bachman col. 1,
lines 65-67: "... An advantage of the present invention is that a secure user session
can be established between an internet server and a browser at an unsecured client. ...";
col. 2, lines 15-17: "... To avoid distracting the user, the token is carried in a field of
the page that is normally not displayed in the presentation space. ...")

Regarding Claims 8, 20, 30, Williams discloses the method, system, computer 
program product claimed in claims 7, 19, 29. (see Williams paragraph [0050], lines 1-5: 
time parameter usage and processing) Williams does not specifically disclose a time
out processing capability. However Bachman discloses wherein includes a step of
closing said session if said session has timed out. (see Bachman col. 1, lines 65-67:
session management; col. 4, lines 11-17; col. 6, lines 10-19: process time out condition, 
session erased, closed) 

It would have been obvious to one of ordinary skill in the art to modify Williams as 
taught by Bachman to enable the capability to process a time period expiration 
condition. One of ordinary skill in the art would have been motivated to employ the 
teachings of Bachman in order to enable the capability to create a secure 
communications session between server and client systems and avoid distracting the 
client with the placement of token information within the page. (see Bachman col. 1,
lines 65-67; col. 2, lines 15-17) 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carlton Johnson whose telephone number is 571-270-1032.
The examiner can normally be reached Monday through Friday from 8:00AM to
5:00PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nassar Moazzami, can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 